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Description 

CROSS REFERENCE TO RELATED APPLICATIONS 

[0001] This application is based upon and claims the 
benefit of priority from the prior Japanese Patent Appli- 
cations No.P2001 -357875, filed on November 22, 2001 ; 
the entire contents of which are incorporated herein by 
reference. 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

[0002] The present invention relates to an authentica- 
tion system, a mobile terminal, and an authentication 
method. 

2. Description of the Related Art 

[0003] Conventionally, there is an authentication sys- 
tem that authenticates a mobile terminal user by check- 
ing a password configured with numerals or characters 
that are pre- registered in the authentication system 
against a password transmitted from the mobile terminal 
to the authentication system. 

[0004] In addition, there is an authentication system 
that authenticates using an image photographed by a 
camera that is provided for photographing an authenti- 
cation subject at each location where authentication is 
performed. 

[0005] However, with the conventional authentication 
system using a password, there is a concern that a mo- 
bile terminal or password may be abused if a third party 
steals the mobile terminal or password. Accordingly, the 
conventional authentication system is considered to 
have a low level of security. 

[0006] In addition, with the conventional authentica- 
tion system where a camera is provided at each location 
where authentication is performed, authentication may 
be performed only at the specific location where a cam- 
era is provided. 

[0007] Therefore, an authentication system that has 
a high level of security, and can authenticate using an 
image irrespective of the location of the authentication 
subject, is desired. 

BRIEF SUMMARY OF THE INVENTION 

[0008] An object of the present invention is to provide 
an authentication system that has a high level of secu- 
rity, and can authenticate using an image irrespective of 
the location. 

[0009] An authentication system according to an as- 
pect of the present invention comprises a register image 
storage unit, which stores a pre-registered register im- 
age of a mobile terminal user; a communication control 
unit, which receives a moving image of the user trans- 
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. mitted from the mobile terminal; and an authentication 
processing unit, which authenticates the user by check- 
ing the moving image received by the communication 
control unit against the register image stored in the reg- 

5 ister image storage unit. 

[0010] Such an authentication system, the register 
image storage unit stores the pre-registered register im- 
age of the mobile terminal user. In addition, the commu- 
nication control unit receives a moving image of the user 

10 transmitted from the mobile terminal. Then the authen- 
tication processing unit authenticates the user by check- 
ing the moving image received by the communication 
control unit against the register image stored in the reg- 
ister image storage unit. 

'5 [001 1] As a result, the authentication system can de- 
termine correctly whether or not the user is him/herself 
by using the moving image of the user transmitted from 
the mobile terminal. Accordingly, the authentication sys- 
tem has a very high level of security, and may prevent 

20 the mobile terminal from being abused by a third party. 
Furthermore, the communication control unit receives a 
moving image transmitted from the mobile terminal. As 
a result, the authentication system may authenticate us- 
ing the image irrespective of the location of the authen- 

25 tication subject. 

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF 
THE DRAWINGS 

30 [0012] 

FIG. 1 is a block diagram illustrating the configura- 
tion of an authentication system according to an 
embodiment of the present invention; 

35 FIG. 2 is a flow diagram illustrating a registration 
processing procedure of a register image according 
to an embodiment of the present invention; 
FIG. 3 is a flow diagram illustrating an authentica- 
tion processing procedure according to an embod- 

40 iment of the present invention; and 

FIG. 4 is a sequential diagram describing the au- 
thentication processing according to an embodi- 
ment of the present invention. 

45 DETAILED DESCRIPTION OF THE INVENTION 

[001 3] An embodiment of the present invention is de- 
scribed with reference to the drawings. As shown in FIG. 
1 , an authentication system 1 comprises a mobile ter- 
50 minal 1 00, a mobile communication network 200, an au- 
thentication server 300, a network 210, and a server 
211. 

[0014] The mobile terminal 100 communicates with 
the authentication server 300 or the server 211 via the 
55 mobile communication network 200. As shown in FIG. 
1, the mobile terminal 100 comprises a terminal side 
processing unit 110, an input unit 120, an image acqui- 
sition unit 130, a voice acquisition unit 140, a memory 
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unit 150, a communication control unit 160, and a dis- 
play unit 170. The terminal side processing unit 110 
comprises a terminal side registration processing unit 
111 and a terminal side authentication processing unit 
112. The mobile terminal 100 may be, for example, a 
personal handy phone system (PHS), personal digital 
assistant (PDA), or laptop personal computer. 
[001 5] The image acquisition unit 1 30 is a moving im- 
age acquisition unit that acquires a moving image of the 
mobile terminal 1 00 user. The image acquisition unit 1 30 
also functions as a register image acquisition unit that 
acquires a register image of the user for registration in 
the authentication server 300. 

[0016] The image acquisition unit 130 acquires the 
moving image of the user during authentication by the 
authentication server 300. The image acquisition unit 
1 30 also acquires a static image or moving image of the 
user as a register image at the time of registration of the 
register image in the authentication server 300. The im- 
age acquisition unit 130 acquires a moving image or 
static image capable of authenticating the user. For ex- 
ample, the image acquisition unit 1 30 acquires a moving 
image or static image of the user's face. 
[0017] During authentication, the image acquisition 
unit 130 continues to acquire real-time moving images 
of the user, while the mobile terminal 100 and the au- 
thentication server 300 are connected. Then the image 
acquisition unit 1 30 continues to input the acquired real- 
time moving images to the terminal side authentication 
processing unit 112. In addition, the image acquisition 
unit 130 inputs the acquired static image or moving im- 
age of the user to the terminal side registration process- 
ing unit 111 at the time of registration of the register im- 
age. For example, a digital camera employing a charge 
coupled device (CCD) may be used as the image acqui- 
sition unit 130. 

[001 8] The terminal side processing unit 1 1 0 performs 
various types of processing in the mobile terminal 1 00. 
To begin with, the terminal side authentication process- 
ing unit 112 performs processing relating to authentica- 
tion by the authentication server 300. More specifically, 
the terminal side authentication processing unit 112 
converts a moving image, which is inputted from the im- 
age acquisition unit 130, into a signal that the commu- 
nication control unit 160 can transmit through the mobile 
communication network 200. The terminal side authen- 
tication processing unit 112 inputs the signal converted 
from the moving image to the communication control 
unit 1 60. During authentication, the real-time moving im- 
age of the user is inputted to the terminal side authen- 
tication processing unit 1 1 2 by the image acquisition unit 
130, while the mobile terminal 100 and the authentica- 
tion server 300 are connected. Accordingly, the terminal 
side authentication processing unit 112 continues to 
convert and input the moving images to the communi- 
cation control unit 160, while the mobile terminal 100 
and the authentication server 300 are connected. 
[0019] At this time, the terminal side authentication 
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processing unit 112 acquires identification data for the 
user from the memory unit 150. Then the terminal side 
authentication processing unit 112 inputs the identifica- 
tion data, in addition to the signal converted from the 

s moving image, to the communication control unit 160. 
The identification data may be any data that identifies 
the user. The identification data may be, for example, 
the telephone number of the mobile terminal 100, or a 
user ID configured with characters or numerals. 

w [0020] The terminal side registration processing unit 
111 performs processing relating to the registration of 
the register image in the authentication server 300. 
More specifically, the terminal side registration process- 
ing unit 111 converts the static image or moving image, 

'5 which is the register image inputted from the image ac- 
quisition unit 130, into a signal that the communication 
control unit 160 can transmit through the mobile com- 
munication network 200. The terminal side registration 
processing unit 1 1 1 inputs the signal converted from the 

20 register image to the communication control unit 160. 
The terminal side registration processing unit 111 ac- 
quires the static image or moving image acquired from 
the image acquisition unit 130 in accordance with the 
user's operation input through the input unit 120. 

25 [0021] At this time, the terminal side registration 
processing unit 111 acquires the identification data of 
the user from the memory unit 150. Then, the terminal 
side registration processing unit 1 1 1 inputs the identifi- 
cation data in addition to the converted register image 

30 to the communication control unit 1 60. In addition, the 
terminal side registration processing unit 111 stores the 
register image inputted from the image acquisition unit 
130 in the memory unit 150. Then the terminal side reg- 
istration processing unit 111 acquires the register image 

35 from the memory unit 1 50, converts the image into a sig- 
nal, and inputs the signal to the communication control 
unit 160 if necessary, such as in the case of retransmit- 
ting the register image. 

[0022] The terminal side registration processing unit 

40 m and terminal side authentication processing unit 1 1 2 
operate independently. Therefore, the terminal side reg- 
istration processing unit 111 and terminal side authenti- 
cation processing unit 112 may be provided in different 
mobile terminals. The mobile terminal 100 includes at 

45 least the terminal side authentication processing unit 
112. Accordingly, the terminal side registration process- 
ing unit 111 may be provided in any computer system 
other than the mobile terminal 1 00. 
[0023] Moreover, the terminal side processing unit 

so no performs processing in accordance with the user's 
operation input through the input unit 120. The terminal 
side processing unit 110 converts voice, which is input- 
ted from the voice acquisition unit 1 40, into a signal that 
the communication control unit 1 60 can transmit through 

55 the mobile communication network 200. The terminal 
side processing unit 110 inputs the signal converted 
from the voice to the communication control unit 160. 
The terminal side processing unit 110 stores the voice 
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acquired from the voice acquisition unit 1 40 in the mem- 
ory unit 1 50, if required. 

[0024] The terminal side processing unit 110 outputs 
the moving image or static image inputted from the im- 
age acquisition unit 130 to the display unit 170. The ter- 
minal side processing unit 110 outputs a notification 
from the authentication server 300 or the server 211, 
which is inputted from the communication control unit 
160, to the display unit 170. The terminal side process- 
ing unit 1 1 0 outputs instructions for the user, i.e. request- 
ing input of data or confirmation of data, to the display 
unit 170. . 

[0025] The communication control unit 160 communi- 
cates with the authentication server 300 or the server 
211 via the mobile communication network 200. The 
communication control unit 160 connects to the authen- 
tication server 300 for communication. 
[0026] The communication control unit 160 transmits 
the moving image acquired by the image acquisition unit 
130 to the authentication server 300. More specifically, 
the communication control unit 160 transmits the signal 
that is converted by the terminal side authentication 
processing unit 112 from the moving image acquired by 
the image acquisition unit 130, During authentication, 
real-time moving images are inputted the communica- 
tion control unit 160 by the terminal side authentication 
processing unit 112, while the mobile terminal 100 and 
the authentication server 300 are connected. Accord- 
ingly, the communication control unit 160 continues to 
transmit the real-time moving image signals, while the 
mobile terminal 100 and the authentication server 300 
are connected. At this time, identification data together 
with the moving image signal are inputted to the com- 
munication control unit 1 60 by the terminal side authen- 
tication processing unit 112. Therefore, transmits the 
identification data in addition to the moving image sig- 
nal. 

[0027] Thus, it is possible for the mobile terminal 1 00 
to transmit the moving image in real time as a result of 
the combination of the image acquisition unit 130, the 
terminal side authentication processing unit 112, and 
the communication control unit 160. In other words, the 
mobile terminal 100 has the capacity to function as a 
"video- phone". In addition,. with a mobile terminal such 
as the mobile terminal 100, the image acquisition unit 
130 acquires the moving image of the user. Then the 
communication control unit 160 transmits the moving 
image acquired by the image acquisition unit 130 to the 
authentication server 300, while the mobile terminal 100 
and the authentication server 300 are connected. 
Therefore, the mobile terminal 1 00 may receive authen- 
tication from the authentication server 300 that performs 
the authentication using the moving image of the user 
transmitted from the mobile terminal 100. Accordingly, 
the mobile terminal 100 user may prevent its abuse by 
a third party. The mobile terminal 100 user may receive 
authentication using the image irrespective of the user's 
location. 
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[0028] The communication control unit 160 transmits 
the register image acquired by the image acquisition unit 
130 to the authentication server 300. More specifically/ 
the communication control unit 160 transmits the signal 

5 that has been converted by the terminal side registration 
processing unit 111 from the register image acquired by 
the image acquisition unit 130. Atthistime, identification 
data together with the signal of the register image are 
inputted to the communication control unit 160 by the 

io terminal side registration processing unit 111. Accord- 
ingly, the communication control unit 160 transmits the 
identification data together with the register image sig- 
nal. In this manner, by registering the identification data 
together with the register image in the authentication 

15 server 300, makes it is difficult for a third party to use 
the mobile terminal 100 illegally. 
[0029] In addition, the communication control unit 1 60 
transmits the voice acquired by the voice acquisition unit 
1 40 to the authentication server 300 and the server 21 1 . 

20 More specifically, the communication control unit 160 
transmits a signal that is converted by the terminal side 
processing unit 110, from the voice acquired by the 
voice acquisition unit 140. In addition, the communica- 
tion control unit 160 receives notification transmitted 

25 from the authentication server 300 or the server 211. 
The communication control unit 160 inputs a notification 
of receipt to the terminal side processing unit 110. 
[0030] The input unit 120 accepts the input from the 
user of the mobile terminal 100. The input unit 120 is 

30 capable of accepting input by the user. For example, the 
input unit 1 20 may be a plurality of buttons or keys. The 
input unit 120 inputs the contents inputted through the 
user operation to the terminal side processing unit 110. 
For example, the user selects the register image from 

35 the images acquired by the image acquisition unit 130, 
and inputs it to the input unit 120. Then the input unit 
120 inputs the contents inputted through the user oper- 
ation to the terminal side registration processing unit 
111. 

40 [0031] The voice acquisition unit 140 acquires the 
voice of the user. The voice acquisition unit 140 inputs 
the acquired voice to the terminal side processing unit 
1 1 0. The voice acquisition unit 1 40 may be, for example, 
a microphone. The voice acquisition unit 140 is not al- 

45 ways necessary since the mobile terminal 1 00 receives 
the authentication using the image, from the authenti- 
cation server 300. In the case that the mobile terminal 
100 is a cellular phone, a voice output unit is provided 
that outputs the voice received by the communication 

50 control unit 1 60. In this case, the voice inputted from the 
communication control unit 1 60 is outputted to the voice 
output unit by the terminal side processing unit 110. Al- 
ternatively, the user may input the operation contents to 
the voice acquisition unit 140 by voice, instead of the 

55 input unit 1 20. In this case, the voice acquisition unit 1 40 
feeds the operation contents input from the user into the 
terminal side processing unit 110. 
[0032] The memory unit 150 stores various types of 
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information. For example, the memory unit 150 stores 
the registerimage acquired by the image acquisition unit 
130, voice acquired by the voice acquisition unit 140, 
and the identification data of the user. The memory unit 
150 may be, for example, memory. In addition, the mem- 
ory unit 150 stores the register image and voice as dig- 
ital data. 

[0033] The display unit 1 70 displays various types of 
information. For example, the display unit 170 displays 
the image acquired by the image acquisition unit 1 30, 
the notification received by the communication control 
unit 1 60 from the authentication server 300 or the server 
211, and instructions for the user from the terminal 
processing unit 110. The display unit 170 may be, for 
example, a thin film transistor liquid crystal display unit. 
[0034] The mobile communication network 200 pro- 
vides a communication path for communication be- 
tween the mobile terminal 100 and the authentication 
server 300, the server 211, and a terminal. As shown in 
FIG. 1 , the mobile communication network 200 includes 
a base station 201 and an exchange 202. The base sta- 
tion 201 communicates with the mobile terminal 100 via 
a radio wave. The base station 201 and exchanger 202 
are connected via a signal line. The exchange 202 con- 
nects to, and communicates with the authentication 
server 300 via the signal line. It shou Id be noted that the 
exchange 202 may also be connected to the authenti- 
cation server 300 via other networks. 
[0035] The mobile communication network 200 is a 
network that can transmit the moving image transmitted 
from the mobile terminal 1 00 to the authentication server 
300. In other words, the mobile communication network 
200 is a network capable of using a "video-phone". More 
specifically, the mobile communication network 200 
transmits the moving image in real time. In other words, 
the mobile communication network 200 transmits the 
moving image within an acceptable delay time. The mo- 
bile communication network 200 has a transmission 
speed that accomplishes transmission of the moving im- 
age within an acceptable delay time. The mobile com- 
munication network 200 may be, for example, a circuit 
switching type network or a packet switching type net- 
work. However, it is preferable that the mobile commu- 
nication network 200 be the circuit switching type net- 
work. 

[0036] The server 211 is a server that provides vari- 
ous services to the user of the mobile terminal 1 00. The 
server 21 1 connects to the authentication server 300 via 
the network 210. The network 210 provides a commu- 
nication path for communication between the server 211 
and the authentication server 300. The server 211 pro- 
vides services to the mobile terminal 1 00 via the authen- 
tication server 300. In other words, only the user of the 
mobile terminal 100 who is identified as being him/her- 
self by the authentication server 300 can use services 
provided by the server 211 on the mobile terminal 100. 
For example, the server 21 1 provides services for selling 
goods through on-line shopping. The server 211 also 
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provides services relating to home security or building 
security that determines whether or not a person is al- 
lowed to enter his/her house or a building, and locks/ 
unlocks the house or building. 

5 [0037] The server 211 requests the authentication of 
the mobile terminal 1 00 user to the authentication server 
300. For example, in the case that the server 211 pro- 
vides services for selling goods, the server 21 1 requests 
authentication when the user purchases goods. In the 

w case that the server 211 provides services relating to 
home security or building security, the server 211 re- 
quests authentication when the user wishes to enter 
their house or a building. In other words, the server 21 1 
makes a request for the authentication of the user to the 

15 authentication server 300 when authentication is re- 
quired in accordance with the user's action. 
[0038] The authentication server 300 is an authenti- 
cation system that authenticates the user of the mobile 
terminal 100. The authentication server 300 determines 

20 whether or not the user of the mobile terminal 100 is 
him/herself. The authentication server 300 communi- 
cates with the mobile terminal 100 via the mobile com- 
munication network 200. The authentication server 300 
also communicates with the server 211 via the network 

25 210. As shown in FIG. 1 , the authentication server 300 
comprises a communication control unit 310, a server 
side processing unit 320, an authentication database 
(hereinafter, referred to as "authentication DB") 330, a 
starting condition storage unit 340, a timer 350, and an 

30 input u nit 360. The server side processing unit 320 com- 
prises a server side registration processing unit 321 and 
a server side authentication processing unit 322. 
[0039] The authentication DB 330 is a register image 
storage unit that stores the register image of the mobile 

35 terminal 1 00 user that has been pre- registered. The au- 
thentication DB 330 connects the identification data with 
the register image and stores them both. Thus, the iden- 
tification data of the user may be used as the key for the 
authentication DB 330. The authentication DB 330 

40 stores the identification data of the user and the register 
image transmitted from the mobile terminal 1 00. The au- 
thentication DB 330 stores the identification data and 
the register image of the user inputted from the server 
side registration processing unit 321 . The authentication 

45 DB 330 may store other information to be used for au- 
thentication processing. 
- [0040] The communication control unit 310 communi- 
cates with the mobile terminal 100 via the mobile com- 
munication network 200. The communication control 

so unit 310 connects to the mobile terminal 100 to perform 
information transmission/reception. The communica- 
tion control unit 310 receives the moving image of the 
user transmitted from the mobile terminal 100 via the 
mobile communication network 200. More specifically, 

55 during authentication, the communication control unit 
310 continues to receive real-time moving image signals 
transmitted from the mobile terminal 100, while the au- 
thentication server 300 and the mobile terminal 100 are 
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connected. At this time, the communication control unit 
310 receives the identification data of the user in addi- 
tion to the moving image signal. The communication 
control unit 310 inputs the received moving image and 
identification data of the user to the server side authen- 5 
tication processing unit 322. 

[0041] The communication control unit 310 receives 
the register image of the user transmitted from the mo- 
bile terminal 100 via the mobile communication network 
200. More specifically, the communication control unit 10 
310 receives the register image signals transmitted from 
the mobile terminal 100 when the authentication server 
registers the register image. At this time, the communi- 
cation control unit 31 0 receives the identification data of 
the user in addition to the register image signal. The 15 
communication control unit 310 inputs the received reg- 
ister image and identification data of the user to the serv- 
er side registration processing unit 321. The communi- 
cation control unit 310 also transmits the notification for 
the mobile terminal 1 00 to the mobile terminal 1 00. The 20 
notification for the mobile terminal 1 00 is inputted to the 
communication control unit 310 by the server side 
processing unit 320. The communication control unit 
310 disconnects the connection with the mobile terminal 
1 00 in accordance with instructions from the server side 25 
authentication processing unit 322. 
[0042] The communication control unit 31 0 communi- 
cates with the server 21 1 via the mobile communication 
network 210. The communication control unit receives 
the authentication request of the mobile terminal 100 us- 30 
er from the server 211 . The communication control unit 
310 inputs the received the authentication request to the 
server side authentication processing unit 322. The 
communication control unit 310 transmits a notification 
to the server 211 . The notification for the server 211 is 35 
inputted to the communication control unit 310 by the 
server side authentication processing unit 322. 
[0043] The server side processing unit 320 performs 
various types of processing in the authentication server 
300. To begin with, the server side authentication 40 
processing unit 322 performs processing relating to the 
authentication of the user of the mobile terminal 100. 
The server side authentication processing unit 322 is an 
authentication processing unit that authenticates the us- 
er by checking the moving image received by the com- 
munication control unit 310 against the register image 
stored in the authentication DB 330. The server side au- 
thentication processing unit 322 is inputted the moving 
image signal and identification data of the user by the 
communication control unit 310. During authentication, so 
the real-time moving image is inputted to the server side 
authentication processing unit 322 by the communica- 
tion control unit 310, while the authentication server 300 
and the mobile terminal 100 are connected. 
[0044] The server side authentication processing unit 55 
322 converts the moving image signals inputted from 
the communication control unit 31 0 into moving images. 
In addition, the server side authentication processing 
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unit 322 searches the authentication DB 330 for the 
identification data inputted from the communication con- 
trol unit 310. The server side authentication processing 
unit 322 acquires the identification data and the register 
image associated with the identification data from the 
authentication DB 330. The server side authentication 
processing unit 322 checks the register image acquired 
from the authentication DB 330 against the converted 
moving image. The server side authentication process- 
ing unit 322 also checks the identification data received 
by the communication control unit 310 against the iden- 
tification data acquired from the authentication DB 330. 
If the moving image matches the register image, and the 
received identification data matches the stored identifi- 
cation data in the authentication DB 330, then the server 
side authentication processing unit 322 determines that 
the user of the mobile terminal 1 00 is the user him/her- 
self. If either the image or the identification data does 
not match, then the server side authentication process- 
ing unit 322 determines that the user is not the user him/ 
herself. In this manner, accordingly, by not only checking 
the moving image against the register image, but also 
checking the identification data, it is possible to perform 
more accurate authentication with the server side au- 
thentication processing unit 322, and security levels 
may be enhanced. 

[0045] The server side authentication processing unit 
322 acquires, for example, a static image from the mov- 
ing image at a certain timing. Then the server side au- 
thentication processing unit 322 checks the static image 
acquired from the moving image againstthe register im- 
age. If the moving image transmitted from the mobile 
terminal 100 is stored without change as the register im- 
age in the authentication DB 330, then the server side 
authentication processing unit 322 acquires a static im- 
age from the register image of the moving image. Then 
the server side authentication processing unit 322 
checks the moving image to be authenticated against 
the static image acquired from the moving image of the 
register image. 

[0046] In addition, the server side authentication 
processing unit 322 may check the moving image to be 
authenticated against the moving image of the register 
image. In addition, when the moving image or register 
image is the image of the user's face, the server side 
authentication processing unit 322 performs shape rec- 
ognition on the individual parts of the face from the im- 
age. The server side authentication processing unit 322 
checks the images by determining whether the recog- 
nized shapes of the parts match or not. It is also prefer- 
able that the server side authentication processing unit 
322 acquire a plurality of static images from the moving 
image. Next, the server side authentication processing 
unit 322 checks the acquired plurality of static images 
against the register images, respectively. Through this, 
the accuracy of checks performed at the server side au- 
thentication processing unit 322 may be enhanced. Ac- 
cordingly, the server side authentication processing unit 
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322 may perform a more accurate authentication. In ad- 
dition, the server side authentication processing unit 
322 may acquire a pre-defined fixed number of static 
images from the moving image to check against the reg- 
ister image. If the percentage of matches between the 
acquired plurality of static images and the register im- 
ages is higher than a threshold value, the server side 
authentication processing unit 322 determines that the 
user has been identified as him/herself, and if the per- 
centage is below the threshold value, it determines that 
the user has not been identified as him/herself. 
[0047] To begin with, the server side authentication 
processing unit 322 authenticates when the mobile ter- 
minal 100 connects to the authentication server 300. At 
this point, the server side authentication processing unit 
322 authenticates using the moving image when the 
mobile terminal 100 connects to the communication 
control unit 310 and begins transmission of the moving 
image. 

[0048] The server side authentication processing unit 
322 also authenticates based on the starting conditions 
stored in the starting condition storage unit 340. The 
starting condition storage unit 340 stores the starting 
conditions for starting authentication. The starting con- 
ditions for starting authentication are pre-registered in 
the starting condition storage unit 340. The server side 
authentication processing unit 322 acquires the starting 
conditions from the starting condition storage unit 340, 
and authenticates based on the acquired starting con- 
ditions. 

[0049] For example, the starting condition storage 
unit 340 stores a cycle for starting authentication as the 
starting condition. The cycle may be a fixed cycle or ran- 
dom cycle. In this case, the server side authentication 
processing unit 322 acquires the cycle as the starting 
condition from the starting condition storage unit 340. 
The server side authentication processing unit 322 also 
acquires the time from the timer 350. The server side 
authentication processing unit 322 measures the cycle 
for starting authentication by using the time acquired 
from the timer 350. The server side authentication 
processing unit 322 starts the authentication when the 
time reaches the cycle of the starting conditions. The 
timer 350 supplies the time to the server side authenti- 
cation processing unit 322. 

[0050] The starting condition storage unit 340 also 
stores an event as the starting condition for starting the 
authentication. In this case, the server side authentica- 
tion processing unit 322 acquires the event for starting 
the authentication as the starting condition from the 
starting condition storage unit 340. Then the server side 
authentication processing unit 322 starts authentication 
when the event occurs. For example, the starting con- 
dition storage unit 340 stores the starting conditions that 
the authentication is performed again, if the checked re- 
sults of the moving image against the register image and 
the identification data do not identify the user as him/ 
herself. In this case, if the checked results do not identify 
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the user as him/herserf, then the server side authenti- 
cation processing unit 322 starts re-authentication. The 
server side authentication processing unit 322 performs 
re -authentication by using the moving image that is re- 
5 ceived by the communication control unit 310 at the re- 
authentication. The starting condition storage unit 340 
may store the user's operation as the event for starting 
authentication. 

[0051] The server side authentication processing unit 

10 322 accepts the authentication request, and authenti- 
cates based on the request. For example, the server 
side authentication processing unit 322 accepts the re- 
quest for authentication from the server 21 1 . The server 
side authentication processing unit 322 starts the au- 

*s thentication when the communication control unit 310 
inputs the authentication request from the server 211 
that is received by the communication control unit 310. 
[0052] The server side authentication processing unit 
322 also accepts the request for the authentication from 

20 the input unit 360. The input unit 360 accepts input from 
the operator of the authentication server 300. The input 
unit 360 may be able to accept operator's input. The in- 
put unit 360 may be, for example, a plurality of buttons, 
keys, and microphones. The input unit 360 inputs the 

25 input contents inputted through the operator's opera- 
tions to the server side authentication processing unit 
322. For example, the operator inputs the request for 
authentication to the input unit 360 if required or when 
receiving a request from a third party. 

30 [0053] If the user is identified as him/herself, then the 
server side authentication processing unit 322 remains 
connected to the mobile terminal 100. On the other 
hand, if the user is not identified as him/herself, then the 
server side authentication processing unit 322 instructs 

35 the communication control unit 310 to disconnect from 
the mobile terminal 1 00. At this time, the authentication 
server 300 may transmit a notification based on the au- 
thentication result to the mobile terminal 100. In such a 
case, the server side authentication processing unit 322 

40 creates the notification based on the authentication re- 
sult and inputs the notification to the communication 
control unit 310. For example, if the user is identified as 
him/herself, then the server side authentication 
processing unit 322 creates an authentication complete 

^5 notification. If the user is not identified as him/herself, 
then the server side authentication processing unit 322 
creates an authentication disapproved notification. In 
the case that it is impossible to authenticate since the 
register image connected with the identification data 

50 does not exist in the authentication DB 330, the server 
side authentication processing unit 322 creates a noti- 
fication to the effect that the image is not registered or 
a notification prompting the user to register. The server 
side authentication processing unit 322 may create a 

55 notification prompting the user to confirm that the mov- 
ing image is being transmitted. 
[0054] Thus, the authentication server 300 may de- 
termine correctly whether or not the user is him/herself 
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by using the moving image of the user transmitted from 
the mobile terminal 100. Accordingly, the authentication 
server 300 has a very high level of security, and may 
prevent the mobile terminal 100 from being abused by 
a third party. Therefore, the authentication server 300 5 
may prevent a third party from being authenticated as 
the user him/herseff when the password is used, as in 
the conventional example, by a third party. Moreover, 
the communication control unit 310 receives the moving 
image transmitted from the mobile terminal 1 00. There- 10 
fore, the authentication server 300 may authenticate us- 
ing the image irrespective of the location of the authen- 
tication subject Accordingly, it is not necessary to pro- 
vide cameras at each location where the authentication 
subject exists. 15 
[0055] It should be noted that the authentication serv- 
er 300 may include a display unit. In this case, the server 
side authentication processing unit 322 outputs the con- 
verted moving image to the display unit. The server side 
authentication processing unit 322 also outputs the reg- 20 
ister image acquired from the authentication DB 330 to 
the display unit. The operator of the authentication serv- 
er 300 checks the moving image against the register im- 
age displayed upon the display unit The operator inputs 
the results of the checks through the input unit 360. 25 
Next, the input unit 360 inputs the results of the checks 
inputted by the operator to the server side authentication 
processing unit 322. Alternatively, the operator may in- 
put questions to the user of the mobile terminal 100 
through the input unit 360. The input unit 360 inputs the 30 
questions input by the operator to the server side au- 
thentication processing unit 322. The server side au- 
thentication processing unit 322 inputs the questions to 
the communication control unit 31 0. The communication 
control unit 310 transmits the questions to the mobile 35 
terminal 100. The server side authentication processing 
unit 322 may authenticate by using the responses to the 
questions received from the mobile terminal 100. 
[0056] The server side registration processing unit 
321 performs processing relating to the registration of 40 
the register image of the user. The server side registra- 
tion processing unit 321 is a registration processing unit 
that registers the register image received by the com- 
munication control unit 310 in the authentication DB 
330. The signal of the register image and the identifica- 45 
tion data of the user are inputted to the server side reg- 
istration processing unit 321 by the communication con- 
trol unit 310. The server side registration processing unit 
321 converts the signal of the register image inputted 
from the communication control unit 31 0 into the register so 
image. The server side registration processing unit 321 
connects the identification data with the register image 
and stores them in the authentication DB 330. Thus, the 
server side registration processing unit 32 1 registers the 
register image of the user in the authentication DB 330. 55 
[0057] The server side registration processing unit 
321 acquires a static image from the moving image 
when the register image transmitted from the mobile ter- 
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minal 100 is the moving image. Then the server side 
registration processing unit 321 stores the static image 
acquired from the moving image in the authentication 
DB 330 as the register image. The server side registra- 
tion processing unit 321 may acquire a plurality of static 
images from the moving image and store them in the 
authentication DB 330. In addition, the server side reg- 
istration processing unit 321 may store the moving im- 
age transmitted from the mobile terminal 100 as it is in 
the authentication DB 330. 

[0058] At this time, the authentication server 300 may 
transmit a notification relating to the registration of the 
mobile terminal 100. In such a case, the server side reg- 
istration processing unit 321 creates notification relating 
to the registration and inputs it to the communication 
control unit 310. For example, the server side registra- 
tion processing unit 321 creates a registration complete 
notification when the registration of the register image 
is completed. The server side registration processing 
unit 321 may confirm the registration image before stor- 
ing Jt in the authentication DB 330. At this time, if the 
register image is inappropriate, that is, if the register im- 
age is not clear, or if the register image is not received 
correctly, the server side registration processing unit 
321 may not store the image in the authentication DB 
330. Moreover, the server side registration processing 
unit 321 may create a notification prompting the user to 
retransmit the register image, or a notification rejecting 
the register image. 

[0059] The server side registration processing unit 
321 and server side authentication processing unit 322 
operate independently. Therefore, the server side reg- 
istration processing unit 321 and server side authenti- 
cation processing unit 322 may be provided in different 
authentication servers. In addition, the authentication 
server 300 may be provided within the mobile commu- 
nication network 200. In the authentication system 1 , the 
authentication server 300 includes the communication 
control unit 31 0, the server side processing unit 320, the 
authentication DB 330, a starting condition storage unit 
340, timer 350, and the input unit 360, however, these 
units may be provided separately, in a plurality of serv- 
ers instead of a single server. 

[0060] Next, processing between the mobile terminal 
1 00 and the authentication server 300 is described. FIG. 
2 illustrates the registration processing procedure of the 
register image by dividing the processing into a terminal 
side registration processing performed by the mobile 
terminal 100 and an authentication server side registra- 
tion processing performed by the authentication server 
300. 

[0061] To begin with, the terminal side registration 
processing is described. The mobile terminal 100 ac- 
quires the register image (S410). More specifically, the 
image acquisition unit 130 acquires the register image, 
and the terminal side registration processing unit 1 1 1 ac- 
cepts the register image inputted from the image acqui- 
sition unit 130 (S411). For example, the image acquisi- 
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tion unit 1 30 acquires the image of the user, and inputs 
it to the terminal side registration processing unit 111. 
The display unit 170 displays the image of the user. The 
terminal side registration processing unit 111 outputs a 
message to the display unit 1 70 instructing the user to 
decide on the register image. The user then selects the 
register image with viewing the image displayed upon 
the display unit 170, and inputs it to the input unit 120. 
The terminal side registration processing unit 111 then 
acquires the static image or the moving image inputted 
from the image acquisition unit 130 in accordance with 
the user's'operatioh inputted through the input unit 120. 
[0062] The terminal side registration processing unit 
111 stores the acquired register image in the memory 
unit 150 (S412). The terminal side registration process- 
ing unit 111 outputs the register image stored in the 
memory unit 150 together with instructions for the user 
to confirm the register image, to the display unit 170 
(S413). The user may return to step S411 to acquisition 
the register image again, if the user wants to change the 
register image confirmed in the step (S413). 
[0063] Next, the mobile terminal 100 secures the 
communication path with the authentication server 300, 
and connects (S420). More specifically, to begin with, 
the communication control unit 160 connects to the au- 
thentication server 300 (S421). The communication 
control unit 160 connects to the base station 201 via ra- 
dio wave. Next, the communication control unit 1 60 con- 
nects to the authentication server 300 via the base sta- 
tion 201 and exchange 202. For example, the commu- 
nication control unit 160 connects to the authentication 
server 300 through dial-up access. 
[0064] Next, the communication control unit 160 
transmits a communication start request to the authen- 
tication server 300 (S422). The communication control 
unit 1 60 receives the acceptance of the request trans- 
mitted from the authentication server 300. The accept- 
ance of the request is a response to the effect that the 
communication start request is accepted (S423). If the 
communication control unit 160 can not receive the ac- 
ceptance of the request, it may return to the step (S422) 
and retransmit the communication start request. 
[0065] Next, the mobile terminal 100 transmits the 
register image (S430). More specifically, the terminal 
side authentication processing unit 111 converts the im- 
age, which is inputted from the image acquisition unit 
130, into a signal that can be transmitted through the 
mobile communication network 200. The communica- 
tion.cpntrol unit 160 transmits the identification data of 
the user acquired from the memory unit 1 50 in addition 
to the register image signal converted by the terminal 
side registration processing unit 111 (S431 ). Finally, the 
communication control unit 1 60 receives the registration 
completion notification and terminates the registration 
processing (S432). The mobile terminal 100 may re- 
transfer the register image when it can not receive the 
registration completion notification in step (S432). 
[0066] Next, the authentication server side registra- 
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tion processing is described. To begin with, the authen- 
tication server 300 secures a communication path with 
the mobile terminal 100, and connects (S510). More 
specifically, the communication control unit 310 re- 

5 ceives the communication start request transmitted 
from the mobile terminal 100 (S511). The communica- 
tion control unit 310 secures the communication path 
with the mobile terminal 1 00 and connects, transmits the 
acceptance of the request to the mobile terminal 100 

10 (S512). In step (S512), if the communication start re- 
quest from the mobile terminal 1 00 is determined as be- 
ing improper access, the communication control unit 
310 may not transmit the acceptance of the request, and 
reject the communication start request. 

15 [0067] Next, the authentication server 300 registers 
the register image transmitted from the mobile terminal 
100 (S520). More specifically, the communication con- 
trol unit 310 receives the register image and identifica- 
tion data transmitted from the mobile terminal 100 

20 (S521 ). The server side registration processing unit 322 
connects the register image received by the communi- 
cation control unit 310 with the identification data and 
then stores them in the authentication DB 330 (S522). 
Finally, the authentication server 300 transmits the reg- 

25 istration complete notification to the mobile terminal 1 00 
and terminates registration processing of the register 
image (S523). In step (S522), the authentication server 
300 may confirm the register image before stores it in 
the authentication DB 330. When the register image is 

30 inappropriate, the authentication server 300 may trans- 
mit a notification prompting retransmission of the regis- 
ter image or s notification rejecting an acceptance of the 
register image. 

[0068] The order of step (S410) and step (S420) may 
35 be reversed. In steps (S420) and (S51 0), the mobile ter- 
minal 100 transmits the communication start request, 
however, the authentication server 300 may transmit the 
communication start request. 

[0069] Next, FIG. 3 illustrates the authentication 

^o processing procedure by dividing the processing into a 
terminal side authentication processing performed by 
the mobile terminal 100 and an authentication server 
side authentication processing performed by the au- 
thentication server 300. To begin with, the terminal side 

45 authentication processing is described. At first, the mo- 
bile terminal 100 secures the communication path with 
the authentication server 300, and connects (S610). 
More specifically, the mobile terminal 100 connects to 
the authentication server 300 (S611), transmits a com- 

50 munication start request (S612), and receives the ac- 
ceptance of the request (S613). The steps (S611) 
through (S613) are substantially identical to the steps 
(S421) through (S423) shown in FIG. 2. 
[0070] Next, the mobile terminal 100 acquires a mov- 

55 ing image (S620). More specifically, the image acquisi- 
tion unit 130 acquires the user's moving image of the 
user, and inputs it to the terminal side authentication 
processing unit 112. At this time, the display unit 170 
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displays the moving image of the user. The terminal side 
authentication processing unit 112 outputs a message 
instructing the user to confirm the moving image to the 
display unit 170. Then the user views and confirms the 
moving image displayed upon the display unit 170. 
[0071] Next, the mobile terminal 100 transmits the 
moving image to the authentication server 300 (S630). 
More specifically, the terminal side authentication 
processing unit 1 1 2 converts the moving image inputted 
from the image acquisition unit 130, into a signal that 
can be transmitted through the mobile communication 
network 200. The communication control unit 160 then 
transmits to the authentication server 300 the identifica- 
tion data of the user acquired from the memory unit 1 50 
in addition to the signal of the moving image converted 
by the terminal side authentication processing unit 112. 
[0072] Step (S620) and step (S630) are always per- 
formed while the mobile terminal 1 00 and the authenti- 
cation server 300 are connected. In other words, the mo- 
bile terminal 100. acquires the real-time moving image 
of the user, and continues to transmit it to the authenti- 
cation server 300 in real time. 

[0073] Then the mobile terminal 100 receives a noti- 
fication of the authentication result from the authentica- 
tion server 300 (S640). More specifically, the mobile ter- 
minal 1 00 receives the authentication complete notifica- 
tion when the user is identified as the user him/herself 
by the authentication server 300. And the mobile termi- 
nal 100 continues to connect with the authentication 
server 300 while the user is identified as him/herself by 
the authentication server 300. On the other hand, if the 
user is not identified as him/herself by the authentication 
server 300,the mobile terminal 1 00 receives an authen- 
tication disapproved notification. The mobile terminal 
100 is disconnected by the authentication server 300. 
The mobile terminal 1 00 registers the register image up- 
on receiving a notification to the effect that the register 
image is not registered or a notification prompting the 
user to register from the authentication server 300. 
[0074] Next, the authentication server side authenti- 
cation processing is described. To begin with, the au- 
thentication server 300 secures the communication path 
with the mobile terminal 100, and connects (S710). 
More specifically, the authentication server 300 receives 
a communication start request (S71 1 ), and transmits an 
acceptance of the request (S71 2). The steps (S71 1 ) and 
(S712) are substantially identical to steps (S511) and 
(S512) shown in FIG. 2. 

[0075] Next, the authentication server 300 receives 
the moving image (S720). The communication control 
unit 310 continues to receive the real-time moving im- 
ages and identification data of the user transmitted from 
the mobile terminal 100 while the authentication server 
300 and the mobile terminal 100 are connected. Next, 
the authentication server 300 checks the moving image 
received by the communication control unit 310 against 
the register image stored in the authentication DB 330. 
The authentication server 300 also checks the identifi- 
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cation data received by the communication control unit 
310 against the identification data acquired from the au- 
thentication DB 330. 

[0076] Then the authentication server 300 then trans- 

5 mits the notification of the authentication result to the 
mobile terminal 100 (S740). More specifically, when the 
user is identified as him/herself, the authentication serv- 
er 300 transmits an authentication complete notification. 
And the authentication server 300 continues to connect 

10 with the mobile terminal 100 if the user is identified as 
him/herself. On the other hand, if the user is not identi- 
fied as him/herself, the authentication server 300 trans- 
mits an authentication disapproved notification. And the 
authentication server 300 then disconnects from the 

'5 mobile terminal 100. If authentication cannot be made 
because the register image connected with the identifi- 
cation data does not exist in the authentication DB 330, 
then the authentication server 300 transmits a notifica- 
tion to the effect that the register image is not registered 

20 or a notification prompting the user to register. 

[0077] The order of steps (S610) and step (S620) may 
be reversed. In steps (S610) and (S710), the mobile ter- 
minal 100 transmits the communication start request, 
however, the communication start request may be trans- 

25 mitted by the authentication server 300. 

[0078] Next, the authentication processing that is per- 
formed by the authentication server 300 while connect- 
ed with the mobile terminal 100 is described with refer- 
ence to FIG. 4. In FIG. 4, the case in which the mobile 

30 terminal 100 uses the service for selling goods provided 
by the server 211 is described as an example. 
[0079] To begin with, the mobile terminal 100 trans- 
mits a communication start request to the authentication 
server 300 when using the service provided by the serv- 
es er 21 1 (S801 ). The authentication server 300 transmits 
the acceptance of the request in response to the com- 
munication start request from the mobile terminal 100 
(S802). Through this, the mobile terminal 100 and the 
authentication server 300 are connected. The mobile 

40 terminal 100 starts the transmission of the moving im- 
age when the mobile terminal 100 and the authentica- 
tion server 300 are connected (S803). Hereafter, the 
mobile terminal 100 continues to transmit the moving 
image while the mobile terminal 100 and the authenti- 

45 cation server 3O0 are connected. 

[0080] The authentication server 300 authenticates 
when the mobile terminal connects to the authentication 
server 300. The authentication server 300 authenticates 
using the real-time moving image of the user received 

so when connected to the mobile terminal 100 (S804). In 
step (S804), if the user is identified as him/herself, then 
the authentication server 300 remains connected to the 
mobile terminal 100. On the other hand, in step (S804), 
if the user is not identified as him/herself, then the au- 

55 thentication server 300 performs the re-authentication. 
The authentication server 300 uses the real-time mov- 
ing image of the user received when re-authentication 
is performed (S805). This is because the starting con- 
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dition storage unit 340 stores the starting conditions for 
performing re-authentication when the checked results 
of the moving image against the register image and 
identification data do not identify the user as him/herself, 
and as a result, the server side authentication process- 
ing unit 322 starts re-authentication based on the start- 
ing conditions. 

[0081] In step (S805), if the user is identified as him/ 
herself, then the authentication server 300 remains con- 
nected to the mobile terminal 100. On the other hand, 
in step (S805), if the user is not identified as him/herself, 
the authentication server 300 disconnects from the mo- 
bile terminal 100 (S806). 

[0082] The server 211 transmits the contents of the 
goods to only the mobile terminal 100 used by the user 
who has been identified as him/herself by the authenti- 
cation server 300, thus begins the service. In the mean- 
time, the mobile terminal 100 transmits the moving im- 
age of the user to the authentication server 300. 
[0083] The starting condition storage unit 340 stores 
the cycle for starting authentication as the starting con- 
dition. Therefore, the server side authentication 
processing unit 322 acquires the cycle as the starting 
condition from the starting condition storage unit 340, 
and acquires time from the timer 350. The server side 
authentication processing unit 322 automatically starts 
authentication when the time reaches the cycle of the 
starting condition. The authentication server 300 per- 
forms authentication by using the real-time moving im- 
age of the user received when the timer reaches the cy- 
cle of the starting condition (S807). 
[0084] In step (S807), if the user is identified as him/ 
herself, then authentication server 300 remains con- 
nected to the mobile terminal 100. On the other hand, 
in step (S807), if the user is not identified as him/herself, 
then the authentication server 300 performs re-authen- 
tication (S808). In step (S808), if the user is identified 
as him/herself, then the authentication' server 300 re- 
mains connected to the mobile terminal 1 00. On the oth- 
er hand, in step (S808), if the user is not identified as 
him/herself, then the authentication server 300 discon- 
nects from the mobile terminal 100 (S809). 
[0085] Thereafter, the server 21 1 makes a request for 
the authentication of the user to the authentication serv- 
er 300 when the user of the mobile terminal 100 pur- 
chases goods. The authentication server 300 accepts 
the authentication request from the server 211. Next, the 
authentication server 300 starts the authentication of the 
user. The authentication server 300 authenticates using 
the real-time moving image of the user received when 
the request from the server 21 1 is accepted (S810). The 
authentication server 300 may start authentication when 
the user attempts to purchase goods, by storing the 
starting condition that authentication starts when the us- 
er purchases goods as a starting condition storage unit 
340. In addition, the authentication server 300 may start 
authentication when the user purchases goods by mak- 
ing the operator of the authentication server 300 input 



an authentication request through the input unit 360 
when the user purchases goods. 
[0086] In step (S81 0), if the user is identified as him/ 
herself, then the authentication server 300 remains con- 

5 nected to the mobile terminal 100. On the other hand, 
in step (S810), if the user is not identif ied as him/herself, 
then the authentication server 300 performs re-authen- 
tication (S81 1 ). In step (S81 1 ), if the user is identified as 
him/herself, the authentication server 300 remains con- 

10 nected to the mobile terminal 100. On the other hand, 
in step (S811), if the user is not identified as the author- 
ized user, the authentication server 300 disconnects the 
mobile terminal 100 (S812). 

[0087] Thus, the authentication server 300 continues 
15 to receive the moving image of the user white connected 
to the mobile terminal 100. As a result, the authentica- 
tion server 300 may authenticate at any time. Accord- 
ingly, the authentication server 300 may confirm wheth- 
er the user is him/herself or not, not only in step (S804) 
20 when the mobile terminal 100 connects to the authenti- 
cation server 300, but also in subsequent steps such as 
steps (S807) and (S810). 

[0088] Therefore, even when the user is identified as 
him/herself upon connection, the authentication server 

25 311 may prevent a third party from performing subse- 
quent operations such as purchasing goods as a result 
of a third party stealing the image during connection. 
The authentication server 300 may authenticate when- 
ever authentication is desired such as when the user 

30 purchases goods. Accordingly, with the authentication 
server 300, it is possible to obtain effects similar to over- 
the-counter selling. 

[0089] Furthermore, the mobile terminal 1 00 is always 
transmitting the moving image while connected to the 

35 authentication server 300. Therefore, it is not necessary 
for the mobile terminal 100 to perform any operation re- 
quested by the authentication server 300 during authen- 
tication or the re-authentication by the authentication 
server 300. It should be noted that in steps (S805), 

40 (S808), and (S81 1 ), the authentication server 300 per- 
forms re-authentication only once, however, it may be 
possible to perform re-authentication several times. The 
present invention is not limited to the above- described 
embodiment, and that various modifications are possi- 

45 ble. 



Claims 

so 1. An authentication system comprising: 

a register image storage unit, which stores a 
pre-registered register image of a mobile termi- 
nal user; 

55 a communication control unit, which receives a 

moving image of the user transmitted from the 
mobile terminal; and 

an authentication processing unit, which au- 
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thenticates the user by checking the moving im- 
age received by the communication control unit 
against the register image stored in said regis- 
ter image storage unit. 

The authentication system of Claim 1 , wherein the 
communication control unit receives the moving im- 
age while connected to the mobile terminal. 



* 



the communication control unit receives the 
register image transmitted from the mobile ter- 
minal and identification data for identifying the 
user; and 

the registration processing unit connects the 
identification data with the register image re- 
ceived by said communication control unit, and 
stores these in the register image storage unit. 



3. The authentication system of Claim 1 , wherein: 



10 10. A mobile terminal comprising: 



the register image storage unit connects and 
stores identification data for identifying the user 
with the register image; 
the communication control unit receives the 
moving image and the identification data; and 
the authentication processing unit authenti- 
cates by checking the moving image against 
the register image and the received identifica- 
tion data against the Identification data stored 
in the register image storage unit. 

4. The authentication system of Claim 1 , further com- 
prising a starting condition storage unit, which 
stores the starting conditions for starting authenti- 
cation; wherein 

the authentication processing unit authenti- 
cates based on the starting conditions stored in the 
starting condition storage unit. 

5. The authentication system of Claim 1 , wherein the 
authentication processing unit accepts a request for 
authentication, and authenticates based on the ac- 
cepted request. 

6. The authentication system of Claim 1 , wherein, in 
the case that a checked result of the moving image 
against the register image does not identify the user 
as him/herself, the authentication processing unit 
performs re-authentication by using the moving im- 
age being received by the communication control 
unit and performing re-authentication. 

7. The authentication system of Claim 1 , wherein the 
authentication processing unit acquires a static im- 
age from the moving image received by the com- 
munication control unit, and checks the acquired 
static image against the register image. 

8. The authentication system of Claim t , further com- 
prising a registration processing unit, which regis- 
ters the register image received by the communica- 
tion control unit in the register image storage unit, 
wherein 

the communication control unit receives the 
register image transmitted from the mobile terminal. 

9. The authentication system of Claim 8, wherein: 



a moving image acquisition unit, which ac- 
quires a moving image of the mobile terminal 
user; and 

15 a communication control unit, which transmits 

the moving image acquired by the moving im- 
age acquisition unit to the authentication sys- 
tem, which authenticates the user. 

20 11. The mobile terminal of Claim 10, wherein the com- 
munication control unit transmits the moving image 
while connected to the authentication system. 

1 2. The mobile terminal of Claim 1 0, further comprising 
25 a register image acquisition unit, which acquires a 

register image of the user to be registered in the 
authentication system; wherein 

the communication control unit transmits the 
register image acquired by the register image ac- 
30 quisition unit to the authentication system. 

13. An authentication method, comprising: 

receiving, by an authentication system that au- 
35 thenticates a mobile terminal user, a moving im- 

age of the mobile terminal user transmitted 
from a terminal; and 

checking the received moving image against a 
register image to authenticate the user by the 
40 authentication system, which stores the pre- 

registered register image of the user. 

1 4. The authentication method of Claim 1 3, wherein the 
authentication system receives the moving image 

^5 while connected to the mobile terminal. 

15. The authentication method of Claim 13, wherein: 

the authentication system connects and stores 
50 identification data for identifying the user with 

the register image; 

the authentication system receives the moving 
image and the identification data; and 
the authentication system authenticates by 
55 checking the moving image against the register 

image, and the received identification data 
against the stored identification data. 
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16. The authentication method of Claim 13, wherein: 

the authentication system stores a starting con- 
dition for starting authentication; and 
the authentication system authenticates based 5 
on the stored starting condition. 

17. The authentication method of Claim 13, wherein: 

the authentication system accepts a request for i o 
authentication; and 

the authentication system authenticates based 
on the accepted request. 

1 8. The authentication method of Claim 1 3, wherein the 15 
authentication system performs re-authentication 

by using the received moving image when re-au- 
thentication is performed, in a case where a 
checked result of the moving image against the reg- 
ister image does not identify the user as him/herself. 20 

1 9. The authentication method of Claim 1 3, wherein the 
authentication system acquires a static image from 
the received moving image, and checks the ac- 
quired static image against the register image. 25 

20. The authentication method of Claim 13, wherein: 

the authentication system receives the register 
image transmitted from the mobile terminal; 30 
and 

the authentication system stores the received 
register image in the authentication system. 
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